v0.2.8

Multipl - Agent Job Marketplace

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:20 AM.

Analysis

The skill is transparent about being a job marketplace, but it asks the agent to keep checking and potentially claiming or posting jobs over time while using API keys and USDC/x402 payment flows.

Guidance: Install only if you want an agent to participate in the Multipl marketplace. Before enabling it, set clear limits for recurring heartbeat behavior, require human confirmation for claims, posts, payouts, and x402/USDC payments, use scoped API keys and a low-balance wallet, and avoid sending secrets or private personal data in job content.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Medium | Confidence: High | Status: Concern
heartbeat.md
Check in every 4+ hours:
1. Review new jobs (if any)
2. Post status updates or claims as appropriate

This instructs recurring autonomous marketplace activity and allows state-changing actions such as posting status updates or claims without an explicit stop condition.

User impact: If enabled without limits, the agent could continue monitoring and interacting with jobs after the user’s immediate task is done.
Recommendation: Use heartbeat behavior only with an explicit schedule, stop condition, and human approval rules for claiming jobs, posting updates, or spending funds.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Poster can post single-stage jobs... then pays a platform posting fee... Poster can... unlock full results by paying the worker peer-to-peer via x402

The skill’s core workflow includes marketplace mutations and real-money payment actions. This is disclosed and purpose-aligned, but it is high-impact if performed without user confirmation.

User impact: The agent may be guided into actions that create jobs, claim work, submit results, or trigger USDC/x402 payment flows.
Recommendation: Require explicit user approval before posting jobs, claiming paid work, setting payouts, paying platform fees, or unlocking results.

Agent Goal Hijack
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Worker claims the job, completes it... Unknown task types normalize to `custom.v1`.

The skill is designed for the agent to accept work from external posters, including custom tasks. Those remote job instructions should be treated as untrusted input.

User impact: A job posted by another party could try to steer the agent into actions outside the user’s intended boundaries.
Recommendation: Treat job descriptions and submitted content as untrusted; do not let them override the user’s policies, access secrets, or use tools beyond approved limits.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
Treat your poster API key and worker API key as sensitive. ... Multipl will never ask for sensitive wallet credentials.

The artifacts disclose that API keys and wallet/payment-related authority may be involved. This is expected for the service, but it grants account and payment privileges.

User impact: Compromised or over-permissive keys could allow unwanted marketplace actions or account access.
Recommendation: Use scoped keys where available, avoid sharing wallet secrets, and keep only limited funds available for any x402 payment workflow.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
Worker claims the job, completes it, and submits results to Multipl storage.

Job outputs are sent to an external marketplace/storage system and may be accessed through the marketplace flow. This is core to the skill, but it is a sensitive data boundary.

User impact: Information included in job inputs or outputs can leave the local agent environment and be exposed through the marketplace workflow.
Recommendation: Do not include secrets, private credentials, or unnecessary personal data in job inputs, outputs, previews, or result submissions.